Fedora 22 : krb5-1.13.1-2.fc22 (2015-5949)

Description

Security fix for CVE-2014-5353 (this was fixed in an older build but the announcement was lost)

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please mail to content@vulners.com Vulners, 2017

{"result": {"cve": [{"id": "CVE-2014-5353", "type": "cve", "title": "CVE-2014-5353", "description": "The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (daemon crash) via a successful LDAP query with no results, as demonstrated by using an incorrect object type for a password policy.", "published": "2014-12-16T18:59:00", "cvss": {"score": 3.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5353", "cvelist": ["CVE-2014-5353"], "lastseen": "2018-02-05T15:14:47"}], "nessus": [{"id": "MANDRIVA_MDVSA-2015-009.NASL", "type": "nessus", "title": "Mandriva Linux Security Advisory : krb5 (MDVSA-2015:009)", "description": "Updated krb5 packages fix security vulnerability :\n\nIn MIT krb5, when kadmind is configured to use LDAP for the KDC database, an authenticated remote attacker can cause a NULL dereference by attempting to use a named ticket policy object as a password policy for a principal. The attacker needs to be authenticated as a user who has the elevated privilege for setting password policy by adding or modifying principals (CVE-2014-5353).", "published": "2015-01-09T00:00:00", "cvss": {"score": 3.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=80428", "cvelist": ["CVE-2014-5353"], "lastseen": "2017-10-29T13:35:23"}, {"id": "FREEBSD_PKG_3A888A1EB32111E483B2206A8A720317.NASL", "type": "nessus", "title": "FreeBSD : krb5 -- Vulnerabilities in kadmind, libgssrpc, gss_process_context_token VU#540092 (3a888a1e-b321-11e4-83b2-206a8a720317)", "description": "The MIT Kerberos team reports :\n\nCVE-2014-5353: The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (daemon crash) via a successful LDAP query with no results, as demonstrated by using an incorrect object type for a password policy.\n\nCVE-2014-5354: plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by creating a database entry for a keyless principal, as demonstrated by a kadmin 'add_principal -nokey' or 'purgekeys -all' command.", "published": "2015-02-13T00:00:00", "cvss": {"score": 3.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=81331", "cvelist": ["CVE-2014-5354", "CVE-2014-5353"], "lastseen": "2017-10-29T13:33:35"}, {"id": "FEDORA_2015-7878.NASL", "type": "nessus", "title": "Fedora 21 : krb5-1.12.2-17.fc21 (2015-7878)", "description": "Security fix for CVE-2015-2694 Security fix for CVE-2014-5353 (this was fixed in an older build but the announcement was lost)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2015-06-22T00:00:00", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=84305", "cvelist": ["CVE-2014-5353", "CVE-2015-2694"], "lastseen": "2017-10-29T13:36:37"}, {"id": "OPENSUSE-2015-246.NASL", "type": "nessus", "title": "openSUSE Security Update : krb5 (openSUSE-2015-246)", "description": "krb5 was updated to fix three security issues.\n\nRemote authenticated users could cause denial of service.\n\nOn openSUSE 13.1 and 13.2 krb5 was updated to fix the following vulnerabilities :\n\n - bnc#910457: CVE-2014-5353: NULL pointer dereference when using a ticket policy name as password name\n\n - bnc#918595: CVE-2014-5355: krb5: denial of service in krb5_read_message On openSUSE 13.1 krb5 was updated to fix the following vulnerability :\n\n - bnc#910458: CVE-2014-5354: NULL pointer dereference when using keyless entries", "published": "2015-03-20T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=81965", "cvelist": ["CVE-2014-5355", "CVE-2014-5354", "CVE-2014-5353"], "lastseen": "2017-10-29T13:35:22"}, {"id": "SUSE_SU-2015-1282-1.NASL", "type": "nessus", "title": "SUSE SLED11 / SLES11 Security Update : krb5 (SUSE-SU-2015:1282-1)", "description": "krb5 was updated to fix three security issues.\n\nRemote authenticated users could cause denial of service.\n\nThese security issues were fixed :\n\n - CVE-2014-5353: NULL pointer dereference when using a ticket policy name as password name (bsc#910457).\n\n - CVE-2014-5354: NULL pointer dereference when using keyless entries (bsc#910458).\n\n - CVE-2014-5355: Denial of service in krb5_read_message (bsc#918595).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2015-07-24T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=84979", "cvelist": ["CVE-2014-5355", "CVE-2014-5354", "CVE-2014-5353"], "lastseen": "2017-10-29T13:39:20"}, {"id": "SL_20150409_KRB5_ON_SL6_X.NASL", "type": "nessus", "title": "Scientific Linux Security Update : krb5 on SL6.x i386/x86_64", "description": "The following security issues are fixed with this release :\n\nA use-after-free flaw was found in the way the MIT Kerberos libgssapi_krb5 library processed valid context deletion tokens. An attacker able to make an application using the GSS-API library (libgssapi) could call the gss_process_context_token() function and use this flaw to crash that application. (CVE-2014-5352)\n\nIf kadmind were used with an LDAP back end for the KDC database, a remote, authenticated attacker who has the permissions to set the password policy could crash kadmind by attempting to use a named ticket policy object as a password policy for a principal.\n(CVE-2014-5353)\n\nIt was found that the krb5_read_message() function of MIT Kerberos did not correctly sanitize input, and could create invalid krb5_data objects. A remote, unauthenticated attacker could use this flaw to crash a Kerberos child process via a specially crafted request.\n(CVE-2014-5355)\n\nA double-free flaw was found in the way MIT Kerberos handled invalid External Data Representation (XDR) data. An authenticated user could use this flaw to crash the MIT Kerberos administration server (kadmind), or other applications using Kerberos libraries, via specially crafted XDR packets. (CVE-2014-9421)\n\nIt was found that the MIT Kerberos administration server (kadmind) incorrectly accepted certain authentication requests for two-component server principal names. A remote attacker able to acquire a key with a particularly named principal (such as 'kad/x') could use this flaw to impersonate any user to kadmind, and perform administrative actions as that user. (CVE-2014-9422)", "published": "2015-04-10T00:00:00", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=82694", "cvelist": ["CVE-2014-9422", "CVE-2014-5355", "CVE-2014-5352", "CVE-2014-5353", "CVE-2014-9421"], "lastseen": "2017-10-29T13:40:27"}, {"id": "ORACLEVM_OVMSA-2016-0039.NASL", "type": "nessus", "title": "OracleVM 3.3 / 3.4 : krb5 (OVMSA-2016-0039)", "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\n - Fix (CVE-2015-8629, CVE-2015-8631)\n\n - Also fix a spec trigger issue that prevents building\n\n - Resolves: #1306973", "published": "2016-03-24T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=90138", "cvelist": ["CVE-2014-5355", "CVE-2015-8631", "CVE-2014-5353", "CVE-2015-8629"], "lastseen": "2017-10-29T13:34:41"}, {"id": "ORACLELINUX_ELSA-2015-0794.NASL", "type": "nessus", "title": "Oracle Linux 6 : krb5 (ELSA-2015-0794)", "description": "From Red Hat Security Advisory 2015:0794 :\n\nUpdated krb5 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nKerberos is a networked authentication system which allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos KDC.\n\nThe following security issues are fixed with this release :\n\nA use-after-free flaw was found in the way the MIT Kerberos libgssapi_krb5 library processed valid context deletion tokens. An attacker able to make an application using the GSS-API library (libgssapi) could call the gss_process_context_token() function and use this flaw to crash that application. (CVE-2014-5352)\n\nIf kadmind were used with an LDAP back end for the KDC database, a remote, authenticated attacker who has the permissions to set the password policy could crash kadmind by attempting to use a named ticket policy object as a password policy for a principal.\n(CVE-2014-5353)\n\nIt was found that the krb5_read_message() function of MIT Kerberos did not correctly sanitize input, and could create invalid krb5_data objects. A remote, unauthenticated attacker could use this flaw to crash a Kerberos child process via a specially crafted request.\n(CVE-2014-5355)\n\nA double-free flaw was found in the way MIT Kerberos handled invalid External Data Representation (XDR) data. An authenticated user could use this flaw to crash the MIT Kerberos administration server (kadmind), or other applications using Kerberos libraries, via specially crafted XDR packets. (CVE-2014-9421)\n\nIt was found that the MIT Kerberos administration server (kadmind) incorrectly accepted certain authentication requests for two-component server principal names. A remote attacker able to acquire a key with a particularly named principal (such as 'kad/x') could use this flaw to impersonate any user to kadmind, and perform administrative actions as that user. (CVE-2014-9422)\n\nRed Hat would like to thank the MIT Kerberos project for reporting CVE-2014-5352, CVE-2014-9421, and CVE-2014-9422. The MIT Kerberos project acknowledges Nico Williams for assisting with the analysis of CVE-2014-5352.\n\nAll krb5 users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.", "published": "2015-04-10T00:00:00", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=82689", "cvelist": ["CVE-2014-9422", "CVE-2014-5355", "CVE-2014-5352", "CVE-2014-5353", "CVE-2014-9421"], "lastseen": "2017-10-29T13:36:15"}, {"id": "REDHAT-RHSA-2015-0794.NASL", "type": "nessus", "title": "RHEL 6 : krb5 (RHSA-2015:0794)", "description": "Updated krb5 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nKerberos is a networked authentication system which allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos KDC.\n\nThe following security issues are fixed with this release :\n\nA use-after-free flaw was found in the way the MIT Kerberos libgssapi_krb5 library processed valid context deletion tokens. An attacker able to make an application using the GSS-API library (libgssapi) could call the gss_process_context_token() function and use this flaw to crash that application. (CVE-2014-5352)\n\nIf kadmind were used with an LDAP back end for the KDC database, a remote, authenticated attacker who has the permissions to set the password policy could crash kadmind by attempting to use a named ticket policy object as a password policy for a principal.\n(CVE-2014-5353)\n\nIt was found that the krb5_read_message() function of MIT Kerberos did not correctly sanitize input, and could create invalid krb5_data objects. A remote, unauthenticated attacker could use this flaw to crash a Kerberos child process via a specially crafted request.\n(CVE-2014-5355)\n\nA double-free flaw was found in the way MIT Kerberos handled invalid External Data Representation (XDR) data. An authenticated user could use this flaw to crash the MIT Kerberos administration server (kadmind), or other applications using Kerberos libraries, via specially crafted XDR packets. (CVE-2014-9421)\n\nIt was found that the MIT Kerberos administration server (kadmind) incorrectly accepted certain authentication requests for two-component server principal names. A remote attacker able to acquire a key with a particularly named principal (such as 'kad/x') could use this flaw to impersonate any user to kadmind, and perform administrative actions as that user. (CVE-2014-9422)\n\nRed Hat would like to thank the MIT Kerberos project for reporting CVE-2014-5352, CVE-2014-9421, and CVE-2014-9422. The MIT Kerberos project acknowledges Nico Williams for assisting with the analysis of CVE-2014-5352.\n\nAll krb5 users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.", "published": "2015-04-09T00:00:00", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=82656", "cvelist": ["CVE-2014-9422", "CVE-2014-5355", "CVE-2014-5352", "CVE-2014-5353", "CVE-2014-9421"], "lastseen": "2017-10-29T13:42:24"}, {"id": "ALA_ALAS-2015-518.NASL", "type": "nessus", "title": "Amazon Linux AMI : krb5 (ALAS-2015-518)", "description": "A use-after-free flaw was found in the way the MIT Kerberos libgssapi_krb5 library processed valid context deletion tokens. An attacker able to make an application using the GSS-API library (libgssapi) could call the gss_process_context_token() function and use this flaw to crash that application. (CVE-2014-5352)\n\nIf kadmind were used with an LDAP back end for the KDC database, a remote, authenticated attacker who has the permissions to set the password policy could crash kadmind by attempting to use a named ticket policy object as a password policy for a principal.\n(CVE-2014-5353)\n\nIt was found that the krb5_read_message() function of MIT Kerberos did not correctly sanitize input, and could create invalid krb5_data objects. A remote, unauthenticated attacker could use this flaw to crash a Kerberos child process via a specially crafted request.\n(CVE-2014-5355)\n\nA double-free flaw was found in the way MIT Kerberos handled invalid External Data Representation (XDR) data. An authenticated user could use this flaw to crash the MIT Kerberos administration server (kadmind), or other applications using Kerberos libraries, via specially crafted XDR packets. (CVE-2014-9421)\n\nIt was found that the MIT Kerberos administration server (kadmind) incorrectly accepted certain authentication requests for two-component server principal names. A remote attacker able to acquire a key with a particularly named principal (such as 'kad/x') could use this flaw to impersonate any user to kadmind, and perform administrative actions as that user. (CVE-2014-9422)", "published": "2015-05-07T00:00:00", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=83269", "cvelist": ["CVE-2014-9422", "CVE-2014-5355", "CVE-2014-5352", "CVE-2014-5353", "CVE-2014-9421"], "lastseen": "2017-10-29T13:40:33"}], "openvas": [{"id": "OPENVAS:1361412562310869606", "type": "openvas", "title": "Fedora Update for krb5 FEDORA-2015-5949", "description": "Check the version of krb5", "published": "2015-07-07T00:00:00", "cvss": {"score": 3.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869606", "cvelist": ["CVE-2014-5353"], "lastseen": "2017-07-25T10:53:44"}, {"id": "OPENVAS:1361412562310882160", "type": "openvas", "title": "CentOS Update for krb5-devel CESA-2015:0794 centos6 ", "description": "Check the version of krb5-devel", "published": "2015-04-10T00:00:00", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882160", "cvelist": ["CVE-2014-9422", "CVE-2014-5355", "CVE-2014-5352", "CVE-2014-5353", "CVE-2014-9421"], "lastseen": "2017-07-25T10:53:34"}, {"id": "OPENVAS:1361412562310871351", "type": "openvas", "title": "RedHat Update for krb5 RHSA-2015:0794-01", "description": "Check the version of krb5", "published": "2015-04-10T00:00:00", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871351", "cvelist": ["CVE-2014-9422", "CVE-2014-5355", "CVE-2014-5352", "CVE-2014-5353", "CVE-2014-9421"], "lastseen": "2017-07-27T10:53:13"}, {"id": "OPENVAS:1361412562310120539", "type": "openvas", "title": "Amazon Linux Local Check: ALAS-2015-518", "description": "Amazon Linux Local Security Checks", "published": "2015-09-08T00:00:00", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120539", "cvelist": ["CVE-2014-9422", "CVE-2014-5355", "CVE-2014-5352", "CVE-2014-5353", "CVE-2014-9421"], "lastseen": "2017-07-24T12:52:54"}, {"id": "OPENVAS:1361412562310123137", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2015-0794", "description": "Oracle Linux Local Security Checks ELSA-2015-0794", "published": "2015-10-06T00:00:00", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123137", "cvelist": ["CVE-2014-9422", "CVE-2014-5355", "CVE-2014-5352", "CVE-2014-5353", "CVE-2014-9421"], "lastseen": "2017-07-24T12:53:58"}, {"id": "OPENVAS:1361412562310891265", "type": "openvas", "title": "Debian Lts Announce DLA 1265-1 ([SECURITY] [DLA 1265-1] krb5 security update)", "description": "Kerberos, a system for authenticating users and services on a network,\nwas affected by several vulnerabilities. The Common Vulnerabilities\nand Exposures project identifies the following issues.\n\nCVE-2013-1418\nKerberos allows remote attackers to cause a denial of service\n(NULL pointer dereference and daemon crash) via a crafted request\nwhen multiple realms are configured.\n\nCVE-2014-5351\nKerberos sends old keys in a response to a -randkey -keepold\nrequest, which allows remote authenticated users to forge tickets by\nleveraging administrative access.\n\nCVE-2014-5353\nWhen the KDC uses LDAP, allows remote authenticated users to cause a\ndenial of service (daemon crash) via a successful LDAP query with no\nresults, as demonstrated by using an incorrect object type for a\npassword policy.\n\nCVE-2014-5355\nKerberos expects that a krb5_read_message data field is represented\nas a string ending with a ", "published": "2018-02-21T00:00:00", "cvss": {"score": 5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891265", "cvelist": ["CVE-2016-3119", "CVE-2014-5351", "CVE-2016-3120", "CVE-2014-5355", "CVE-2014-5353", "CVE-2013-1418"], "lastseen": "2018-02-26T15:21:40"}, {"id": "OPENVAS:1361412562310869079", "type": "openvas", "title": "Fedora Update for krb5 FEDORA-2015-2347", "description": "Check the version of krb5", "published": "2015-03-13T00:00:00", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869079", "cvelist": ["CVE-2014-9422", "CVE-2014-5354", "CVE-2014-5352", "CVE-2014-5353", "CVE-2014-9421", "CVE-2014-9423"], "lastseen": "2017-07-25T10:52:54"}, {"id": "OPENVAS:1361412562310869458", "type": "openvas", "title": "Fedora Update for krb5 FEDORA-2015-7878", "description": "Check the version of krb5", "published": "2015-06-21T00:00:00", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869458", "cvelist": ["CVE-2014-9422", "CVE-2014-5355", "CVE-2014-5354", "CVE-2014-5352", "CVE-2014-5353", "CVE-2014-9421", "CVE-2015-2694", "CVE-2014-9423"], "lastseen": "2017-07-25T10:53:04"}, {"id": "OPENVAS:1361412562310842089", "type": "openvas", "title": "Ubuntu Update for krb5 USN-2498-1", "description": "Check the version of krb5", "published": "2015-02-11T00:00:00", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842089", "cvelist": ["CVE-2014-9422", "CVE-2014-5351", "CVE-2014-5354", "CVE-2014-5352", "CVE-2014-5353", "CVE-2014-9421", "CVE-2014-9423"], "lastseen": "2017-12-04T11:23:44"}, {"id": "OPENVAS:1361412562310869070", "type": "openvas", "title": "Fedora Update for krb5 FEDORA-2015-2382", "description": "Check the version of krb5", "published": "2015-03-10T00:00:00", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869070", "cvelist": ["CVE-2014-9422", "CVE-2014-5351", "CVE-2014-4342", "CVE-2014-5352", "CVE-2014-4343", "CVE-2014-5353", "CVE-2014-4344", "CVE-2014-9421", "CVE-2014-4345", "CVE-2014-4341", "CVE-2013-1418", "CVE-2014-9423", "CVE-2013-1417"], "lastseen": "2017-07-25T10:52:39"}], "freebsd": [{"id": "3A888A1E-B321-11E4-83B2-206A8A720317", "type": "freebsd", "title": "krb5 -- Vulnerabilities in kadmind, libgssrpc, gss_process_context_token VU#540092", "description": "\nThe MIT Kerberos team reports:\n\nCVE-2014-5353: The krb5_ldap_get_password_policy_from_dn\n\t function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in\n\t MIT Kerberos 5 (aka krb5) before 1.13.1, when the KDC uses LDAP,\n\t allows remote authenticated users to cause a denial of service\n\t (daemon crash) via a successful LDAP query with no results, as\n\t demonstrated by using an incorrect object type for a password\n\t policy.\nCVE-2014-5354: plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in\n\t MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.1, when\n\t the KDC uses LDAP, allows remote authenticated users to cause a\n\t denial of service (NULL pointer dereference and daemon crash) by\n\t creating a database entry for a keyless principal, as\n\t demonstrated by a kadmin \"add_principal -nokey\" or \"purgekeys\n\t -all\" command.\n\n", "published": "2015-02-12T00:00:00", "cvss": {"score": 3.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://vuxml.freebsd.org/freebsd/3a888a1e-b321-11e4-83b2-206a8a720317.html", "cvelist": ["CVE-2014-5354", "CVE-2014-5353"], "lastseen": "2016-09-26T17:24:21"}], "redhat": [{"id": "RHSA-2015:0794", "type": "redhat", "title": "(RHSA-2015:0794) Moderate: krb5 security update", "description": "Kerberos is a networked authentication system which allows clients and\nservers to authenticate to each other with the help of a trusted third\nparty, the Kerberos KDC.\n\nThe following security issues are fixed with this release:\n\nA use-after-free flaw was found in the way the MIT Kerberos libgssapi_krb5\nlibrary processed valid context deletion tokens. An attacker able to make\nan application using the GSS-API library (libgssapi) could call the\ngss_process_context_token() function and use this flaw to crash that\napplication. (CVE-2014-5352)\n\nIf kadmind were used with an LDAP back end for the KDC database, a remote,\nauthenticated attacker who has the permissions to set the password policy\ncould crash kadmind by attempting to use a named ticket policy object as a\npassword policy for a principal. (CVE-2014-5353)\n\nIt was found that the krb5_read_message() function of MIT Kerberos did not\ncorrectly sanitize input, and could create invalid krb5_data objects.\nA remote, unauthenticated attacker could use this flaw to crash a Kerberos\nchild process via a specially crafted request. (CVE-2014-5355)\n\nA double-free flaw was found in the way MIT Kerberos handled invalid\nExternal Data Representation (XDR) data. An authenticated user could use\nthis flaw to crash the MIT Kerberos administration server (kadmind), or\nother applications using Kerberos libraries, via specially crafted XDR\npackets. (CVE-2014-9421)\n\nIt was found that the MIT Kerberos administration server (kadmind)\nincorrectly accepted certain authentication requests for two-component\nserver principal names. A remote attacker able to acquire a key with a\nparticularly named principal (such as \"kad/x\") could use this flaw to\nimpersonate any user to kadmind, and perform administrative actions as that\nuser. (CVE-2014-9422)\n\nRed Hat would like to thank the MIT Kerberos project for reporting\nCVE-2014-5352, CVE-2014-9421, and CVE-2014-9422. The MIT Kerberos project\nacknowledges Nico Williams for assisting with the analysis of\nCVE-2014-5352.\n\nAll krb5 users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\n", "published": "2015-04-09T04:00:00", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2015:0794", "cvelist": ["CVE-2014-9422", "CVE-2014-5355", "CVE-2014-5352", "CVE-2014-5353", "CVE-2014-9421"], "lastseen": "2017-03-10T13:18:49"}, {"id": "RHSA-2015:0439", "type": "redhat", "title": "(RHSA-2015:0439) Moderate: krb5 security, bug fix and enhancement update", "description": "A NULL pointer dereference flaw was found in the MIT Kerberos SPNEGO acceptor\nfor continuation tokens. A remote, unauthenticated attacker could use this flaw\nto crash a GSSAPI-enabled server application. (CVE-2014-4344)\n\nA buffer overflow was found in the KADM5 administration server (kadmind) when it\nwas used with an LDAP back end for the KDC database. A remote, authenticated\nattacker could potentially use this flaw to execute arbitrary code on the system\nrunning kadmind. (CVE-2014-4345)\n\nA use-after-free flaw was found in the way the MIT Kerberos libgssapi_krb5\nlibrary processed valid context deletion tokens. An attacker able to make an\napplication using the GSS-API library (libgssapi) call the\ngss_process_context_token() function could use this flaw to crash that\napplication. (CVE-2014-5352)\n\nIf kadmind were used with an LDAP back end for the KDC database, a remote,\nauthenticated attacker with the permissions to set the password policy could\ncrash kadmind by attempting to use a named ticket policy object as a password\npolicy for a principal. (CVE-2014-5353)\n\nA double-free flaw was found in the way MIT Kerberos handled invalid External\nData Representation (XDR) data. An authenticated user could use this flaw to\ncrash the MIT Kerberos administration server (kadmind), or other applications\nusing Kerberos libraries, using specially crafted XDR packets. (CVE-2014-9421)\n\nIt was found that the MIT Kerberos administration server (kadmind) incorrectly\naccepted certain authentication requests for two-component server principal\nnames. A remote attacker able to acquire a key with a particularly named\nprincipal (such as \"kad/x\") could use this flaw to impersonate any user to\nkadmind, and perform administrative actions as that user. (CVE-2014-9422)\n\nAn information disclosure flaw was found in the way MIT Kerberos RPCSEC_GSS\nimplementation (libgssrpc) handled certain requests. An attacker could send a\nspecially crafted request to an application using libgssrpc to disclose a\nlimited portion of uninitialized memory used by that application.\n(CVE-2014-9423)\n\nTwo buffer over-read flaws were found in the way MIT Kerberos handled certain\nrequests. A remote, unauthenticated attacker able to inject packets into a\nclient or server application's GSSAPI session could use either of these flaws to\ncrash the application. (CVE-2014-4341, CVE-2014-4342)\n\nA double-free flaw was found in the MIT Kerberos SPNEGO initiators. An attacker\nable to spoof packets to appear as though they are from an GSSAPI acceptor could\nuse this flaw to crash a client application that uses MIT Kerberos.\n(CVE-2014-4343)\n\nRed Hat would like to thank the MIT Kerberos project for reporting the\nCVE-2014-5352, CVE-2014-9421, CVE-2014-9422, and CVE-2014-9423 issues. MIT\nKerberos project acknowledges Nico Williams for helping with the analysis of\nCVE-2014-5352.\n\nThe krb5 packages have been upgraded to upstream version 1.12, which provides a\nnumber of bug fixes and enhancements, including:\n\n* Added plug-in interfaces for principal-to-username mapping and verifying\nauthorization to user accounts.\n\n* When communicating with a KDC over a connected TCP or HTTPS socket, the client\ngives the KDC more time to reply before it transmits the request to another\nserver. (BZ#1049709, BZ#1127995)\n\nThis update also fixes multiple bugs, for example:\n\n* The Kerberos client library did not recognize certain exit statuses that the\nresolver libraries could return when looking up the addresses of servers\nconfigured in the /etc/krb5.conf file or locating Kerberos servers using DNS\nservice location. The library could treat non-fatal return codes as fatal\nerrors. Now, the library interprets the specific return codes correctly.\n(BZ#1084068, BZ#1109102)\n\nIn addition, this update adds various enhancements. Among others:\n\n* Added support for contacting KDCs and kpasswd servers through HTTPS proxies\nimplementing the Kerberos KDC Proxy (KKDCP) protocol. (BZ#1109919)\n", "published": "2015-03-05T05:00:00", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2015:0439", "cvelist": ["CVE-2014-4341", "CVE-2014-4342", "CVE-2014-4343", "CVE-2014-4344", "CVE-2014-4345", "CVE-2014-5352", "CVE-2014-5353", "CVE-2014-9421", "CVE-2014-9422", "CVE-2014-9423"], "lastseen": "2017-08-25T10:13:09"}], "amazon": [{"id": "ALAS-2015-518", "type": "amazon", "title": "Medium: krb5", "description": "**Issue Overview:**\n\nA use-after-free flaw was found in the way the MIT Kerberos libgssapi_krb5 library processed valid context deletion tokens. An attacker able to make an application using the GSS-API library (libgssapi) could call the gss_process_context_token() function and use this flaw to crash that application. ([CVE-2014-5352 __](<https://access.redhat.com/security/cve/CVE-2014-5352>))\n\nIf kadmind were used with an LDAP back end for the KDC database, a remote, authenticated attacker who has the permissions to set the password policy could crash kadmind by attempting to use a named ticket policy object as a password policy for a principal. ([CVE-2014-5353 __](<https://access.redhat.com/security/cve/CVE-2014-5353>))\n\nIt was found that the krb5_read_message() function of MIT Kerberos did not correctly sanitize input, and could create invalid krb5_data objects. A remote, unauthenticated attacker could use this flaw to crash a Kerberos child process via a specially crafted request. ([CVE-2014-5355 __](<https://access.redhat.com/security/cve/CVE-2014-5355>))\n\nA double-free flaw was found in the way MIT Kerberos handled invalid External Data Representation (XDR) data. An authenticated user could use this flaw to crash the MIT Kerberos administration server (kadmind), or other applications using Kerberos libraries, via specially crafted XDR packets. ([CVE-2014-9421 __](<https://access.redhat.com/security/cve/CVE-2014-9421>))\n\nIt was found that the MIT Kerberos administration server (kadmind) incorrectly accepted certain authentication requests for two-component server principal names. A remote attacker able to acquire a key with a particularly named principal (such as \"kad/x\") could use this flaw to impersonate any user to kadmind, and perform administrative actions as that user. ([CVE-2014-9422 __](<https://access.redhat.com/security/cve/CVE-2014-9422>))\n\n \n**Affected Packages:** \n\n\nkrb5\n\n \n**Issue Correction:** \nRun _yum update krb5_ to update your system. \n\n \n**New Packages:**\n \n \n i686: \n krb5-devel-1.10.3-37.29.amzn1.i686 \n krb5-pkinit-openssl-1.10.3-37.29.amzn1.i686 \n krb5-server-ldap-1.10.3-37.29.amzn1.i686 \n krb5-debuginfo-1.10.3-37.29.amzn1.i686 \n krb5-libs-1.10.3-37.29.amzn1.i686 \n krb5-workstation-1.10.3-37.29.amzn1.i686 \n krb5-server-1.10.3-37.29.amzn1.i686 \n \n src: \n krb5-1.10.3-37.29.amzn1.src \n \n x86_64: \n krb5-devel-1.10.3-37.29.amzn1.x86_64 \n krb5-server-1.10.3-37.29.amzn1.x86_64 \n krb5-debuginfo-1.10.3-37.29.amzn1.x86_64 \n krb5-server-ldap-1.10.3-37.29.amzn1.x86_64 \n krb5-workstation-1.10.3-37.29.amzn1.x86_64 \n krb5-libs-1.10.3-37.29.amzn1.x86_64 \n krb5-pkinit-openssl-1.10.3-37.29.amzn1.x86_64 \n \n \n", "published": "2015-05-05T15:44:00", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://alas.aws.amazon.com/ALAS-2015-518.html", "cvelist": ["CVE-2014-9422", "CVE-2014-5355", "CVE-2014-5352", "CVE-2014-5353", "CVE-2014-9421"], "lastseen": "2016-09-28T21:04:10"}], "centos": [{"id": "CESA-2015:0794", "type": "centos", "title": "krb5 security update", "description": "**CentOS Errata and Security Advisory** CESA-2015:0794\n\n\nKerberos is a networked authentication system which allows clients and\nservers to authenticate to each other with the help of a trusted third\nparty, the Kerberos KDC.\n\nThe following security issues are fixed with this release:\n\nA use-after-free flaw was found in the way the MIT Kerberos libgssapi_krb5\nlibrary processed valid context deletion tokens. An attacker able to make\nan application using the GSS-API library (libgssapi) could call the\ngss_process_context_token() function and use this flaw to crash that\napplication. (CVE-2014-5352)\n\nIf kadmind were used with an LDAP back end for the KDC database, a remote,\nauthenticated attacker who has the permissions to set the password policy\ncould crash kadmind by attempting to use a named ticket policy object as a\npassword policy for a principal. (CVE-2014-5353)\n\nIt was found that the krb5_read_message() function of MIT Kerberos did not\ncorrectly sanitize input, and could create invalid krb5_data objects.\nA remote, unauthenticated attacker could use this flaw to crash a Kerberos\nchild process via a specially crafted request. (CVE-2014-5355)\n\nA double-free flaw was found in the way MIT Kerberos handled invalid\nExternal Data Representation (XDR) data. An authenticated user could use\nthis flaw to crash the MIT Kerberos administration server (kadmind), or\nother applications using Kerberos libraries, via specially crafted XDR\npackets. (CVE-2014-9421)\n\nIt was found that the MIT Kerberos administration server (kadmind)\nincorrectly accepted certain authentication requests for two-component\nserver principal names. A remote attacker able to acquire a key with a\nparticularly named principal (such as \"kad/x\") could use this flaw to\nimpersonate any user to kadmind, and perform administrative actions as that\nuser. (CVE-2014-9422)\n\nRed Hat would like to thank the MIT Kerberos project for reporting\nCVE-2014-5352, CVE-2014-9421, and CVE-2014-9422. The MIT Kerberos project\nacknowledges Nico Williams for assisting with the analysis of\nCVE-2014-5352.\n\nAll krb5 users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2015-April/021058.html\n\n**Affected packages:**\nkrb5\nkrb5-devel\nkrb5-libs\nkrb5-pkinit-openssl\nkrb5-server\nkrb5-server-ldap\nkrb5-workstation\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-0794.html", "published": "2015-04-09T11:47:52", "cvss": {"score": 9, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2015-April/021058.html", "cvelist": ["CVE-2014-9422", "CVE-2014-5355", "CVE-2014-5352", "CVE-2014-5353", "CVE-2014-9421"], "lastseen": "2017-10-03T18:26:04"}, {"id": "CESA-2015:0439", "type": "centos", "title": "krb5 security update", "description": "**CentOS Errata and Security Advisory** CESA-2015:0439\n\n\nA NULL pointer dereference flaw was found in the MIT Kerberos SPNEGO acceptor\nfor continuation tokens. A remote, unauthenticated attacker could use this flaw\nto crash a GSSAPI-enabled server application. (CVE-2014-4344)\n\nA buffer overflow was found in the KADM5 administration server (kadmind) when it\nwas used with an LDAP back end for the KDC database. A remote, authenticated\nattacker could potentially use this flaw to execute arbitrary code on the system\nrunning kadmind. (CVE-2014-4345)\n\nA use-after-free flaw was found in the way the MIT Kerberos libgssapi_krb5\nlibrary processed valid context deletion tokens. An attacker able to make an\napplication using the GSS-API library (libgssapi) call the\ngss_process_context_token() function could use this flaw to crash that\napplication. (CVE-2014-5352)\n\nIf kadmind were used with an LDAP back end for the KDC database, a remote,\nauthenticated attacker with the permissions to set the password policy could\ncrash kadmind by attempting to use a named ticket policy object as a password\npolicy for a principal. (CVE-2014-5353)\n\nA double-free flaw was found in the way MIT Kerberos handled invalid External\nData Representation (XDR) data. An authenticated user could use this flaw to\ncrash the MIT Kerberos administration server (kadmind), or other applications\nusing Kerberos libraries, using specially crafted XDR packets. (CVE-2014-9421)\n\nIt was found that the MIT Kerberos administration server (kadmind) incorrectly\naccepted certain authentication requests for two-component server principal\nnames. A remote attacker able to acquire a key with a particularly named\nprincipal (such as \"kad/x\") could use this flaw to impersonate any user to\nkadmind, and perform administrative actions as that user. (CVE-2014-9422)\n\nAn information disclosure flaw was found in the way MIT Kerberos RPCSEC_GSS\nimplementation (libgssrpc) handled certain requests. An attacker could send a\nspecially crafted request to an application using libgssrpc to disclose a\nlimited portion of uninitialized memory used by that application.\n(CVE-2014-9423)\n\nTwo buffer over-read flaws were found in the way MIT Kerberos handled certain\nrequests. A remote, unauthenticated attacker able to inject packets into a\nclient or server application's GSSAPI session could use either of these flaws to\ncrash the application. (CVE-2014-4341, CVE-2014-4342)\n\nA double-free flaw was found in the MIT Kerberos SPNEGO initiators. An attacker\nable to spoof packets to appear as though they are from an GSSAPI acceptor could\nuse this flaw to crash a client application that uses MIT Kerberos.\n(CVE-2014-4343)\n\nRed Hat would like to thank the MIT Kerberos project for reporting the\nCVE-2014-5352, CVE-2014-9421, CVE-2014-9422, and CVE-2014-9423 issues. MIT\nKerberos project acknowledges Nico Williams for helping with the analysis of\nCVE-2014-5352.\n\nThe krb5 packages have been upgraded to upstream version 1.12, which provides a\nnumber of bug fixes and enhancements, including:\n\n* Added plug-in interfaces for principal-to-username mapping and verifying\nauthorization to user accounts.\n\n* When communicating with a KDC over a connected TCP or HTTPS socket, the client\ngives the KDC more time to reply before it transmits the request to another\nserver. (BZ#1049709, BZ#1127995)\n\nThis update also fixes multiple bugs, for example:\n\n* The Kerberos client library did not recognize certain exit statuses that the\nresolver libraries could return when looking up the addresses of servers\nconfigured in the /etc/krb5.conf file or locating Kerberos servers using DNS\nservice location. The library could treat non-fatal return codes as fatal\nerrors. Now, the library interprets the specific return codes correctly.\n(BZ#1084068, BZ#1109102)\n\nIn addition, this update adds various enhancements. Among others:\n\n* Added support for contacting KDCs and kpasswd servers through HTTPS proxies\nimplementing the Kerberos KDC Proxy (KKDCP) protocol. (BZ#1109919)\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-cr-announce/2015-March/001610.html\n\n**Affected packages:**\nkrb5-devel\nkrb5-libs\nkrb5-pkinit\nkrb5-server\nkrb5-server-ldap\nkrb5-workstation\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-0439.html", "published": "2015-03-17T13:28:30", "cvss": {"score": 9, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-cr-announce/2015-March/001610.html", "cvelist": ["CVE-2014-9422", "CVE-2014-4342", "CVE-2014-5352", "CVE-2014-4343", "CVE-2014-5353", "CVE-2014-4344", "CVE-2014-9421", "CVE-2014-4345", "CVE-2014-4341", "CVE-2014-9423"], "lastseen": "2017-10-03T18:26:27"}], "oraclelinux": [{"id": "ELSA-2015-0794", "type": "oraclelinux", "title": "krb5 security update", "description": "[1.10.3-37]\n- fix for CVE-2014-5355 (#1193939) 'krb5: unauthenticated\n denial of service in recvauth_common() and others'\n[1.10.3-36]\n- fix for CVE-2014-5353 (#1174543) 'Fix LDAP misused policy\n name crash'\n[1.10.3-35]\n- Changelog fixes to make errata subsystem happy.\n[1.10.3-34]\n- fix for CVE-2014-5352 (#1179856) 'gss_process_context_token()\n incorrectly frees context (MITKRB5-SA-2015-001)'\n- fix for CVE-2014-9421 (#1179857) 'kadmind doubly frees partial\n deserialization results (MITKRB5-SA-2015-001)'\n- fix for CVE-2014-9422 (#1179861) 'kadmind incorrectly\n validates server principal name (MITKRB5-SA-2015-001)'", "published": "2015-04-09T00:00:00", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2015-0794.html", "cvelist": ["CVE-2014-9422", "CVE-2014-5355", "CVE-2014-5352", "CVE-2014-5353", "CVE-2014-9421"], "lastseen": "2016-09-04T11:16:08"}, {"id": "ELSA-2015-0439", "type": "oraclelinux", "title": "krb5 security, bug fix and enhancement update", "description": "[1.12.2-14]\n- fix for kinit -C loops (#1184629, MIT/krb5 issue 243, 'Do not\n loop on principal unknown errors').\n[1.12.2-13]\n- fix for CVE-2014-5352 (#1179856) 'gss_process_context_token()\n incorrectly frees context (MITKRB5-SA-2015-001)'\n- fix for CVE-2014-9421 (#1179857) 'kadmind doubly frees partial\n deserialization results (MITKRB5-SA-2015-001)'\n- fix for CVE-2014-9422 (#1179861) 'kadmind incorrectly\n validates server principal name (MITKRB5-SA-2015-001)'\n- fix for CVE-2014-9423 (#1179863) 'libgssrpc server applications\n leak uninitialized bytes (MITKRB5-SA-2015-001)'\n[1.12.2-12]\n- fix for CVE-2014-5354 (#1174546) 'krb5: NULL pointer\n dereference when using keyless entries'\n[1.12.2-11]\n- fix for CVE-2014-5353 (#1174543) 'Fix LDAP misused policy\n name crash'\n[1.12.2-10]\n- In ksu, without the -e flag, also check .k5users (#1105489)\n When ksu was explicitly told to spawn a shell, a line in .k5users which\n listed '*' as the allowed command would cause the principal named on the\n line to be considered as a candidate for authentication.\n When ksu was not passed a command to run, which implicitly meant that\n the invoking user wanted to run the target user's login shell, knowledge\n that the principal was a valid candidate was ignored, which could cause\n a less optimal choice of the default target principal.\n This doesn't impact the authorization checks which we perform later.\n Patch by Nalin Dahyabhai \n[1.12.2-9]\n- Undo libkadmclnt SONAME change (from 8 to 9) which originally\n happened in the krb5 1.12 rebase (#1166012) but broke\n rubygem-rkerberos (sort of ruby language bindings for\n libkadmclnt&co.) dependicies, as side effect of\n rubygem-rkerberos using private interfaces in libkadmclnt.\n[1.12.2-8]\n- fix the problem where the %license file has been a dangling symlink\n- ksu: pull in fix from pull #206 to avoid breakage when the\n default_ccache_name doesn't include a cache type as a prefix\n- ksu: pull in a proposed fix for pull #207 to avoid breakage when the\n invoking user doesn't already have a ccache\n[1.12.2-7]\n- pull in patch from master to load plugins with RTLD_NODELETE, when\n defined (RT#7947)\n[1.12.2-6]\n- backport patch to make the client skip checking the server's reply\n address when processing responses to password-change requests, which\n between NAT and upcoming HTTPS support, can cause us to erroneously\n report an error to the user when the server actually reported success\n (RT#7886)\n- backport support for accessing KDCs and kpasswd services via HTTPS\n proxies (marked by being specified as https URIs instead as hostnames\n or hostname-and-port), such as the one implemented in python-kdcproxy\n (RT#7929, #109919), and pick up a subsequent patch to build HTTPS\n as a plugin\n[1.12.2-5]\n- backport fix for trying all compatible keys when not being strict about\n acceptor names while reading AP-REQs (RT#7883, #1078888)\n- define _GNU_SOURCE in files where we use EAI_NODATA, to make sure that\n it's declared (#1059730,#1084068,#1109102)\n[1.12.2-4]\n- kpropd hasn't bothered with -S since 1.11; stop trying to use that flag\n in the systemd unit file\n[1.12.2-3]\n- pull in upstream fix for an incorrect check on the value returned by a\n strdup() call (#1132062)\n[1.12.1-15]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild\n[1.12.2-2]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild\n[1.12.2-1]\n- update to 1.12.2\n - drop patch for RT#7820, fixed in 1.12.2\n - drop patch for #231147, fixed as RT#3277 in 1.12.2\n - drop patch for RT#7818, fixed in 1.12.2\n - drop patch for RT#7836, fixed in 1.12.2\n - drop patch for RT#7858, fixed in 1.12.2\n - drop patch for RT#7924, fixed in 1.12.2\n - drop patch for RT#7926, fixed in 1.12.2\n - drop patches for CVE-2014-4341/CVE-2014-4342, included in 1.12.2\n - drop patch for CVE-2014-4343, included in 1.12.2\n - drop patch for CVE-2014-4344, included in 1.12.2\n - drop patch for CVE-2014-4345, included in 1.12.2\n- replace older proposed changes for ksu with backports of the changes\n after review and merging upstream (#1015559, #1026099, #1118347)\n[1.12.1-14]\n- incorporate fix for MITKRB5-SA-2014-001 (CVE-2014-4345)\n[1.12.1-13]\n- gssapi: pull in upstream fix for a possible NULL dereference\n in spnego (CVE-2014-4344)\n[1.12.1-12]\n- gssapi: pull in proposed fix for a double free in initiators (David\n Woodhouse, CVE-2014-4343, #1117963)\n[1.12.1-11]\n- fix license handling\n[1.12.1-10]\n- pull in fix for denial of service by injection of malformed GSSAPI tokens\n (CVE-2014-4341, CVE-2014-4342, #1116181)\n[1.12.1-9]\n- pull in changes from upstream which add processing of the contents of\n /etc/gss/mech.d/*.conf when loading GSS modules (#1102839)\n[1.12.1-8]\n- pull in fix for building against tcl 8.6 (#1107061)\n[1.12.1-7]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild\n[1.12.1-6]\n- Backport fix for change password requests when using FAST (RT#7868)\n[1.12.1-5]\n- spnego: pull in patch from master to restore preserving the OID of the\n mechanism the initiator requested when we have multiple OIDs for the same\n mechanism, so that we reply using the same mechanism OID and the initiator\n doesn't get confused (#1066000, RT#7858)\n[1.12.1-4]\n- pull in patch from master to move the default directory which the KDC uses\n when computing the socket path for a local OTP daemon from the database\n directory (/var/kerberos/krb5kdc) to the newly-added run directory\n (/run/krb5kdc), in line with what we're expecting in 1.13 (RT#7859, more\n of #1040056 as #1063905)\n- add a tmpfiles.d configuration file to have /run/krb5kdc created at\n boot-time\n- own /var/run/krb5kdc\n[1.12.1-3]\n- refresh nss_wrapper and add socket_wrapper to the %check environment\n* Fri Jan 31 2014 Nalin Dahyabhai \n- add currently-proposed changes to teach ksu about credential cache\n collections and the default_ccache_name setting (#1015559,#1026099)\n[1.12.1-2]\n- pull in multiple changes to allow replay caches to be added to a GSS\n credential store as 'rcache'-type credentials (RT#7818/#7819/#7836,\n[1.12.1-1]\n- update to 1.12.1\n - drop patch for RT#7794, included now\n - drop patch for RT#7797, included now\n - drop patch for RT#7803, included now\n - drop patch for RT#7805, included now\n - drop patch for RT#7807, included now\n - drop patch for RT#7045, included now\n - drop patches for RT#7813 and RT#7815, included now\n - add patch to always retrieve the KDC time offsets from keyring caches,\n so that we don't mistakenly interpret creds as expired before their\n time when our clock is ahead of the KDC's (RT#7820, #1030607)\n[1.12-11]\n- update the PIC patch for iaesx86.s to not use ELF relocations to the version\n that landed upstream (RT#7815, #1045699)\n* Thu Jan 09 2014 Nalin Dahyabhai \n- pass -Wl,--warn-shared-textrel to the compiler when we're creating shared\n libraries\n[1.12-10]\n- amend the PIC patch for iaesx86.s to also save/restore ebx in the\n functions where we modify it, because the ELF spec says we need to\n[1.12-9]\n- grab a more-commented version of the most recent patch from upstream\n master\n- make a guess at making the 32-bit AES-NI implementation sufficiently\n position-independent to not require execmod permissions for libk5crypto\n (more of #1045699)\n[1.12-8]\n- add patch from Dhiru Kholia for the AES-NI implementations to allow\n libk5crypto to be properly marked as not needing an executable stack\n on arches where they're used (#1045699, and so many others)\n[1.12-7]\n- revert that last change for a bit while sorting out execstack when we\n use AES-NI (#1045699)\n[1.12-6]\n- add yasm as a build requirement for AES-NI support, on arches that have\n yasm and AES-NI\n[1.12-5]\n- pull in fix from master to make reporting of errors encountered by\n the SPNEGO mechanism work better (RT#7045, part of #1043962)\n* Thu Dec 19 2013 Nalin Dahyabhai \n- update a test wrapper to properly handle things that the new libkrad does,\n and add python-pyrad as a build requirement so that we can run its tests\n[1.12-4]\n- revise previous patch to initialize one more element\n[1.12-3]\n- backport fixes to krb5_copy_context (RT#7807, #1044735/#1044739)\n[1.12-2]\n- pull in fix from master to return a NULL pointer rather than allocating\n zero bytes of memory if we read a zero-length input token (RT#7794, part of\n - pull in fix from master to ignore an empty token from an acceptor if\n we've already finished authenticating (RT#7797, part of #1043962)\n- pull in fix from master to avoid a memory leak when a mechanism's\n init_sec_context function fails (RT#7803, part of #1043962)\n- pull in fix from master to avoid a memory leak in a couple of error\n cases which could occur while obtaining acceptor credentials (RT#7805, part\n of #1043962)\n[1.12-1]\n- update to 1.12 final\n[1.12-beta2.0]\n- update to beta2\n - drop obsolete backports for storing KDC time offsets and expiration times\n in keyring credential caches\n[1.12-beta1.0]\n- rebase to master\n- update to beta1\n - drop obsolete backport of fix for RT#7706\n[1.11.4-2]\n- pull in fix to store KDC time offsets in keyring credential caches (RT#7768,\n - pull in fix to set expiration times on credentials stored in keyring\n credential caches (RT#7769, #1031724)\n[1.11.4-1]\n- update to 1.11.4\n - drop patch for RT#7650, obsoleted\n - drop patch for RT#7706, obsoleted as RT#7723\n - drop patch for CVE-2013-1418/CVE-2013-6800, included in 1.11.4", "published": "2015-03-11T00:00:00", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2015-0439.html", "cvelist": ["CVE-2014-9422", "CVE-2014-5354", "CVE-2014-4342", "CVE-2014-5352", "CVE-2014-4343", "CVE-2014-5353", "CVE-2014-4344", "CVE-2014-9421", "CVE-2014-4345", "CVE-2014-4341", "CVE-2013-1418", "CVE-2014-9423", "CVE-2013-6800"], "lastseen": "2016-09-04T11:16:57"}], "archlinux": [{"id": "ASA-201502-12", "type": "archlinux", "title": "krb5: multiple issues", "description": "- CVE-2014-5352 (authenticated remote code execution):\n\nIn the MIT krb5 libgssapi_krb5 library, after\ngss_process_context_token() is used to process a valid context deletion\ntoken, the caller is left with a security context handle containing a\ndangling pointer. Further uses of this handle will result in\nuse-after-free and double-free memory access violations. libgssrpc\nserver applications such as kadmind are vulnerable as they can be\ninstructed to call gss_process_context_token().\n\n- CVE-2014-5353 (authenticated remote denial of service):\n\nIn MIT krb5, when kadmind is configured to use LDAP for the KDC\ndatabase, an authenticated remote attacker can cause a NULL dereference\nby attempting to use a named ticket policy object as a password policy\nfor a principal. The attacker needs to be authenticated as a user who\nhas the elevated privilege for setting password policy by adding or\nmodifying principals.\n\n- CVE-2014-5354 (authenticated remote denial of service):\n\nIn MIT krb5, when kadmind is configured to use LDAP for the KDC\ndatabase, an authenticated remote attacker can cause a NULL dereference\nby inserting into the database a principal entry which contains no\nlong-term keys.\n\n- CVE-2014-9421 (authenticated remote code execution):\n\nIf the MIT krb5 kadmind daemon receives invalid XDR data from an\nauthenticated user, it may perform use-after-free and double-free memory\naccess violations while cleaning up the partial deserialization results.\n Other libgssrpc server applications may also be vulnerable if they\ncontain insufficiently defensive XDR functions.\n\n- CVE-2014-9422 (privilege escalation):\n\nThe MIT krb5 kadmind daemon incorrectly accepts authentications to\ntwo-component server principals whose first component is a left\nsubstring of &quot;kadmin&quot; or whose realm is a left prefix of the default realm.\n\n- CVE-2014-9423 (unauthenticated remote information leak):\n\nlibgssrpc applications including kadmind output four or eight bytes of\nuninitialized memory to the network as part of an unused &quot;handle&quot; field\nin replies to clients.", "published": "2015-02-17T00:00:00", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://lists.archlinux.org/pipermail/arch-security/2015-February/000235.html", "cvelist": ["CVE-2014-9422", "CVE-2014-5354", "CVE-2014-5352", "CVE-2014-5353", "CVE-2014-9421", "CVE-2014-9423"], "lastseen": "2016-09-02T18:44:42"}], "ubuntu": [{"id": "USN-2498-1", "type": "ubuntu", "title": "Kerberos vulnerabilities", "description": "It was discovered that Kerberos incorrectly sent old keys in response to a \n-randkey -keepold request. An authenticated remote attacker could use this \nissue to forge tickets by leveraging administrative access. This issue \nonly affected Ubuntu 10.04 LTS, Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. \n([CVE-2014-5351](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-5351>))\n\nIt was discovered that the libgssapi_krb5 library incorrectly processed \nsecurity context handles. A remote attacker could use this issue to cause \na denial of service, or possibly execute arbitrary code. ([CVE-2014-5352](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-5352>))\n\nPatrik Kis discovered that Kerberos incorrectly handled LDAP queries with \nno results. An authenticated remote attacker could use this issue to cause \nthe KDC to crash, resulting in a denial of service. ([CVE-2014-5353](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-5353>))\n\nIt was discovered that Kerberos incorrectly handled creating database \nentries for a keyless principal when using LDAP. An authenticated remote \nattacker could use this issue to cause the KDC to crash, resulting in a \ndenial of service. ([CVE-2014-5354](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-5354>))\n\nIt was discovered that Kerberos incorrectly handled memory when processing \nXDR data. A remote attacker could use this issue to cause kadmind to crash, \nresulting in a denial of service, or possibly execute arbitrary code. \n([CVE-2014-9421](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-9421>))\n\nIt was discovered that Kerberos incorrectly handled two-component server \nprincipals. A remote attacker could use this issue to perform impersonation \nattacks. ([CVE-2014-9422](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-9422>))\n\nIt was discovered that the libgssrpc library leaked uninitialized bytes. A \nremote attacker could use this issue to possibly obtain sensitive \ninformation. ([CVE-2014-9423](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-9423>))", "published": "2015-02-10T00:00:00", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/usn/usn-2498-1/", "cvelist": ["CVE-2014-9422", "CVE-2014-5351", "CVE-2014-5354", "CVE-2014-5352", "CVE-2014-5353", "CVE-2014-9421", "CVE-2014-9423"], "lastseen": "2017-08-09T19:14:07"}]}}